754a2adf465ea8b355de2fd42a76bf7930b5a4d023c4a3489192a93b2f840bc3

General

Target

754a2adf465ea8b355de2fd42a76bf7930b5a4d023c4a3489192a93b2f840bc3.exe
Size

8.3MB
MD5

529f22c34e4237b1283dc7152d332265
SHA1

b41ffc8c00bbc23de2d73d22f46d5658bfd7fc73
SHA256

754a2adf465ea8b355de2fd42a76bf7930b5a4d023c4a3489192a93b2f840bc3
SHA512

5ebd22bfece54a3c40c85c1f14d65882f90aba21a6401cd63ea4a92da469a72a35f2a8a793f1162e04e2d4f5cf7519d2c4e7a7e8c0f7201c2805c62319f23798
SSDEEP

196608:HpD5qBDmp2DfVOqfqtlOGWNVN2HaI+1y9V1t+d+8HWcZJU5HPC+oQQ:JtAVOQUQNu6I+UV1t/3cvrx

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main	754a2adf465ea8b355de2fd42a76bf7930b5a4d023c4a3489192a93b2f840bc3.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1540	754a2adf465ea8b355de2fd42a76bf7930b5a4d023c4a3489192a93b2f840bc3.exe
1540	754a2adf465ea8b355de2fd42a76bf7930b5a4d023c4a3489192a93b2f840bc3.exe
1540	754a2adf465ea8b355de2fd42a76bf7930b5a4d023c4a3489192a93b2f840bc3.exe
1540	754a2adf465ea8b355de2fd42a76bf7930b5a4d023c4a3489192a93b2f840bc3.exe

C:\Users\Admin\AppData\Local\Temp\754a2adf465ea8b355de2fd42a76bf7930b5a4d023c4a3489192a93b2f840bc3.exe
"C:\Users\Admin\AppData\Local\Temp\754a2adf465ea8b355de2fd42a76bf7930b5a4d023c4a3489192a93b2f840bc3.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\754a2adf465ea8b355de2fd42a76bf7930b5a4d023c4a3489192a93b2f840bc3.exepack.tmp

Filesize
2KB

MD5
4208129ab016444d23c42b1d2803b5f7

SHA1
15b6cf0c1d072b46e00879fca0faf74a85f1c712

SHA256
a9a073ecb091a881d0b71c7cbf1fcbaa3253a5741bcb639599db2192eb17f0c0

SHA512
28be3b8a75863e59873a0725b722a27087e74a68f82bce319098811f81017d9715e61e3251a95f7a4b1700f828064fe6cf02ff4267b44b80fbf9337a32b8761b

Download Submit
C:\Users\Admin\AppData\Local\Temp\c6ad2fcb0bca4b5ff1dc266066afde39.ini

Filesize
1KB

MD5
29040545dcfbcd4fad1894e2ba59da0f

SHA1
274d2c2204c3fbdf3d1a365a2cd6a956428a8f92

SHA256
b3318fbcab322fbe85b6259fb456e9a6e4655615901cfa576e5d44b5af8f78b9

SHA512
dc22e1b46aedff2b9be596534af5125c1e9fbcfbb0e91a0e5e49844a1222b2799316bde94c12120b377a01bae0af3cb2854d5164d553346bc030b2e9407f9041

Download Submit
C:\Users\Admin\AppData\Local\Temp\c6ad2fcb0bca4b5ff1dc266066afde39A.ini

Filesize
1KB

MD5
7a006a04ba3251344d268130731c41d9

SHA1
3e6dfa801ea970d17aa9f9652016b68a0efc8064

SHA256
930f6fdcad0ebc630109f0c6f507161a2505526ebb9919877a1e969b8031fd0f

SHA512
0849d560cce7cdcb486027423c39b0e509f0aae1b9d8813a445eaac390ffdb90d70a1912252bce2889d5da373554067df9f1873754e972cdf3949c697217af58

Download Submit
memory/1540-355-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-357-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-2-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-1-0x0000000000250000-0x0000000000253000-memory.dmp

Filesize
12KB

Download
memory/1540-334-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-337-0x0000000000250000-0x0000000000253000-memory.dmp

Filesize
12KB

Download
memory/1540-338-0x0000000004770000-0x0000000004780000-memory.dmp

Filesize
64KB

Download
memory/1540-340-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1540-354-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-0-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-356-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1540-358-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-360-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-361-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-362-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-363-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-364-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-365-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-366-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-367-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/1540-370-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download

Analysis

Sharing